Total
616 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17350 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | |||||
| CVE-2019-17349 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | |||||
| CVE-2019-16413 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. | |||||
| CVE-2019-16319 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. | |||||
| CVE-2019-15702 | 1 Riot-os | 1 Riot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. | |||||
| CVE-2019-15143 | 5 Canonical, Debian, Djvulibre Project and 2 more | 5 Ubuntu Linux, Debian Linux, Djvulibre and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. | |||||
| CVE-2019-14442 | 2 Debian, Libav | 2 Debian Linux, Libav | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
| CVE-2019-14372 | 2 Debian, Libav | 2 Debian Linux, Libav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c. | |||||
| CVE-2019-14371 | 1 Libav | 1 Libav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag. | |||||
| CVE-2019-14241 | 1 Haproxy | 1 Haproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. | |||||
| CVE-2019-14207 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error). | |||||
| CVE-2019-13453 | 1 Zipios Project | 1 Zipios | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile(). | |||||
| CVE-2019-12402 | 3 Apache, Fedoraproject, Oracle | 19 Commons Compress, Fedora, Banking Payments and 16 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. | |||||
| CVE-2019-12068 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | |||||
| CVE-2019-10900 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely. | |||||
| CVE-2019-10898 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length. | |||||
| CVE-2019-10897 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance. | |||||
| CVE-2019-10485 | 1 Qualcomm | 110 Apq8009, Apq8009 Firmware, Apq8017 and 107 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | |||||
| CVE-2019-1010189 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1. | |||||
| CVE-2019-1010142 | 2 Fedoraproject, Scapy | 2 Fedora, Scapy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work. | |||||